Assembly Language for Intel-Based Computers, 6 th Edition Chapter 8: Advanced Procedures (c) Pearson Education, All rights reserved. You may modify and copy this slide show for your personal use, or for use in the classroom, as long as this copyright statement, the author's name, and the title are not changed. Slides prepared by Kip R. Irvine Kip R. Irvine

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Chapter Overview Stack Frames Recursion

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Stack Frames Stack Parameters Local Variables

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Stack Frame Also known as an activation record Area of the stack set aside for a procedure's return address, passed parameters, saved registers, and local variables Created by the following steps: Calling program pushes arguments on the stack and calls the procedure. The called procedure pushes EBP on the stack, and sets EBP to ESP. If local variables are needed, a constant is subtracted from ESP to make room on the stack.

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Stack Parameters More convenient than register parameters Two possible ways of calling DumpMem. Which is easier? pushad mov esi,OFFSET array mov ecx,LENGTHOF array mov ebx,TYPE array call DumpMem popad push TYPE array push LENGTHOF array push OFFSET array call DumpMem

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Passing Arguments by Value Push argument values on stack Call the called-procedure Accept a return value in EAX, if any Remove arguments from the stack if the called- procedure did not remove them

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Example.data val1 DWORD 5 val2 DWORD 6.code push val2 push val1 (val2) 6 (val1) 5 ESP Stack prior to CALL

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Passing by Reference Push the offsets of arguments on the stack Call the procedure Accept a return value in EAX, if any Remove arguments from the stack if the called procedure did not remove them

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Example.data val1 DWORD 5 val2 DWORD 6.code push OFFSET val2 push OFFSET val1 (offset val2) (offset val1) ESP Stack prior to CALL

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Stack after the CALL value or addr of val2 value or addr of val1 return address ESP

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Passing an Array by Reference (1 of 2) The ArrayFill procedure fills an array with 16-bit random integers The calling program passes the address of the array, along with a count of the number of array elements:.data count = 100 array WORD count DUP(?).code push OFFSET array push COUNT call ArrayFill

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Passing an Array by Reference (2 of 2) ArrayFill PROC push ebp mov ebp,esp pushad mov esi,[ebp+12] mov ecx,[ebp+8]. ESI points to the beginning of the array, so it's easy to use a loop to access each array element. View the complete program.View the complete program ArrayFill can reference an array without knowing the array's name:

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Accessing Stack Parameters (C/C++) C and C++ functions access stack parameters using constant offsets from EBP. Example: [ebp + 8] EBP is called the base pointer or frame pointer because it holds the base address of the stack frame. EBP does not change value during the function. EBP must be restored to its original value when a function returns.

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, RET Instruction Return from subroutine Pops stack into the instruction pointer (EIP or IP). Control transfers to the target address. Syntax: RET RET n Optional operand n causes n bytes to be added to the stack pointer after EIP (or IP) is assigned a value.

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Who removes parameters from the stack? Caller (C) or Called-procedure (STDCALL): AddTwo PROC push val2 push ebp push val1 mov ebp,esp call AddTwo mov eax,[ebp+12] add esp,8 add eax,[ebp+8] pop ebp ret 8

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Example This is a procedure named Difference that subtracts the first argument from the second one. Following is a sample call: push 14; first argument push 30; second argument call Difference; EAX = 16 Difference PROC push ebp mov ebp,esp mov eax,[ebp + 8]; second argument sub eax,[ebp + 12]; first argument pop ebp ret 8 Difference ENDP

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Passing 8-bit and 16-bit Arguments Cannot push 8-bit values on stack Pushing 16-bit operand may cause page fault or ESP alignment problem incompatible with Windows API functions Expand smaller arguments into 32-bit values, using MOVZX or MOVSX:.data charVal BYTE 'x'.code movzxeax,charVal pusheax callUppercase

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Saving and Restoring Registers Push registers on stack just after assigning ESP to EBP local registers are modified inside the procedure MySub PROC pushebp movebp,esp pushecx; save local registers pushedx

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Local Variables Only statements within subroutine can view or modify local variables Storage used by local variables is released when subroutine ends local variable name can have the same name as a local variable in another function without creating a name clash Essential when writing recursive procedures, as well as procedures executed by multiple execution threads

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Creating LOCAL Variables Example - create two DWORD local variables: Say: int x=10, y=20; ret address saved ebp EBP 10 (x) [ebp-4] MySub PROC 20 (y) [ebp-8] pushebp movebp,esp sub esp,8;create 2 DWORD variables movDWORD PTR [ebp-4],10 ; initialize x=10 movDWORD PTR [ebp-8],20 ; initialize y=20

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, LEA Instruction LEA returns offsets of direct and indirect operands OFFSET operator only returns constant offsets LEA required when obtaining offsets of stack parameters Example makeArray PROC … sub esp, 30;WHY? leaesi, [esb – 30]

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, LEA Example Suppose you have a Local variable at [ebp-8] And you need the address of that local variable in ESI You cannot use this: mov esi, OFFSET [ebp-8] ; error Use this instead: lea esi,[ebp-8]

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, What's Next Stack Frames Recursion

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Recursion What is Recursion? Recursively Calculating a Sum Calculating a Factorial

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, What is Recursion? The process created when... A procedure calls itself Procedure A calls procedure B, which in turn calls procedure A Using a graph in which each node is a procedure and each edge is a procedure call, recursion forms a cycle:

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Recursively Calculating a Sum CalcSum PROC cmp ecx,0; check counter value jz L2; quit if zero add eax,ecx; otherwise, add to sum dec ecx; decrement counter call CalcSum; recursive call L2: ret CalcSum ENDP The CalcSum procedure recursively calculates the sum of an array of integers. Receives: ECX = count. Returns: EAX = sum Stack frame: View the complete programcomplete program

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Calculating a Factorial (1 of 3) int function factorial(int n) { if(n == 0) return 1; else return n * factorial(n – 1); } This function calculates the factorial of integer n. A new value of n is saved in each stack frame: As each call instance returns, the product it returns is multiplied by the previous value of n.

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Calculating a Factorial (2 of 3) Factorial PROC push ebp mov ebp,esp mov eax,[ebp+8]; get n cmp eax,0; n < 0? ja L1; yes: continue mov eax,1; no: return 1 jmp L2 L1: dec eax push eax; Factorial(n-1) call Factorial ; Instructions from this point on execute when each ; recursive call returns. ReturnFact: mov ebx,[ebp+8] ; get n mul ebx ; eax = eax * ebx L2: pop ebp; return EAX ret 4; clean up stack Factorial ENDP

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, Calculating a Factorial (3 of 3) Suppose we want to calculate 12! This diagram shows the first few stack frames created by recursive calls to Factorial Each recursive call uses 12 bytes of stack space.

Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers 6/e, The End